[PATCH 01/15] spl: nand: Fix NULL-pointer dereference
Sean Anderson
seanga2 at gmail.com
Sun Oct 29 15:15:23 CET 2023
On 10/28/23 23:48, Sean Anderson wrote:
> spl_nand_fit_read unconditionally accesses load->priv. Ensure it is set.
>
> Fixes: 00e180cc513 ("spl: nand: support loading i.MX container format file")
> Fixes: 4620e8aabc1 ("spl: nand: support loading legacy image with payload compressed")
> Signed-off-by: Sean Anderson <seanga2 at gmail.com>
> ---
>
> common/spl/spl_nand.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c
> index 07916bedbb9..a19236d9e6d 100644
> --- a/common/spl/spl_nand.c
> +++ b/common/spl/spl_nand.c
> @@ -105,7 +105,7 @@ static int spl_nand_load_element(struct spl_image_info *spl_image,
> struct spl_load_info load;
>
> load.dev = NULL;
> - load.priv = NULL;
> + load.priv = &offset;
> load.filename = NULL;
> load.bl_len = bl_len;
> load.read = spl_nand_fit_read;
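Review bot: the hunk fixes the NULL read by pointing `load.priv` at `offset`, but neither the hunk nor the commit message says what `spl_nand_fit_read` expects `priv` to point to, or in which unit; since this same block sets `load.bl_len = bl_len`, please confirm that the value behind `priv` is interpreted consistently with `bl_len` (the commit message could state "spl_nand_fit_read expects priv to point at the NAND offset"), and note that `offset` is not visible in the hunk context, so its declaration and lifetime relative to the `load` descriptor should be checked in the surrounding function.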
> @@ -116,7 +116,7 @@ static int spl_nand_load_element(struct spl_image_info *spl_image,
>
> debug("Found legacy image\n");
> load.dev = NULL;
> - load.priv = NULL;
> + load.priv = &offset;
> load.filename = NULL;
> load.bl_len = 1;
> load.read = spl_nand_legacy_read;
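Review bot: this hunk pairs `load.priv = &offset;` with `load.read = spl_nand_legacy_read;`, but the commit message only motivates the change for `spl_nand_fit_read`; if `spl_nand_legacy_read` never dereferences `priv`, the hunk is a no-op and the `Fixes: 4620e8aabc1` tag attributes a bug to a commit that does not have one. Either drop this hunk and the second Fixes tag, or extend the commit message to say why the legacy path also needs `priv` set.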
Actually, since spl_nand_legacy_read doesn't reference priv, this second hunk is
unnecessary. Actually, spl_nand_legacy_read and spl_load_legacy_img are technically buggy
since size/offset are supposed to be in units of bl_len. However, this basically just
results in extra multiplies and divides, so I don't think it's desirable. I actually have
a patch to convert everything to bytes (keeping alignment), so "fixing" this is not
necessary for the moment.
--Sean